top | item 33726674

uxp | 3 years ago

Validating any contact method that has the potential of sending PII, Health, or financial data should be mandatory by law.

At least once a year I get an automated phone call from a regional hospital letting me know some minor's test results. Calling the hospital's CS department in order to notify them or somehow get my phone number removed from the account is impossible, because I'm not this person nor their legal guardian and HIPAA regulations prevent me from instigating a change on someone else's medical records or accounts.

yencabulator | 3 years ago

An extra problem there is that phone numbers get reused. They might have verified the number at the time the previous person still had it.

I get all kinds of messages to someone called Amy from multiple sources, so I believe Amy really had my phone number earlier. No medical results yet, but healthcare appointment reminders for sure.

dietketchup | 3 years ago

Don't call CS. File a HIPAA complaint. The provider who is sharing PHI illegally will certainly care. They have no duty to validate the phone number, but they do have to respond to a complaint saying they shared PHI with a person who is not THE person.